Top-Level Takeaways
- Backed by AI, phishing and ransomware threats are becoming more sophisticated.
- Regular testing, patching, and comprehensive vendor management are critical to staying ahead.
Gone are the days of old time-y bank robbers in pinstripe suits and Halloween store masks.
In today’s digital landscape, sophisticated online criminals are running amok, and credit unions are among their No. 1 targets. According to an IBM report from 2023, financial services firms are 300 times more likely to be targeted by a cyberattack, with the average cost of a breach coming in at approximately $5.9 million.
As the industry enters the final stretch of 2024, CreditUnions.com caught up with three technology leaders about what challenges they’re facing today what’s on the horizon for cybersecurity tomorrow.
Cybersecurity Maturity
Dave Wagner is the vice president of information technology and chief information officer at University Federal Credit Union ($4.1B, Austin, TX). The CIO has 35 years of IT experience across different industries and joined UFCU in January 2021.
What’s keeping you up at night from a cybersecurity and fraud perspective?
Dave Wagner: Our phishing vulnerabilities. We’ve got approximately 750 employees — that means we’ve got 750 potentially vulnerable touchpoints in our organization. Bad actors are becoming more sophisticated thanks to new technologies like AI. Heaven forbid one of our employees falls victim to that because then you’ve given a bad actor access to our network and data. Who knows how much damage they can do at that point? We’re only as good as our weakest link, so we try to spend a good amount of time on education and awareness for our team.
What’s on the horizon for 2025?
DW: We’re trying to advance our cybersecurity maturity. We look at the National Institute for Science and Technology framework and measure ourselves relative to that. We feel the more mature we are, the better prepared we are, the more resilient we are in responding to an issue.
Now that we know we have the capabilities, we need to do a better job at formalizing our procedures and policies and making sure they are up to date. We’ll also be working on enhancing our protective stance, such as expanding our use of data encryption and preventing unpatched network devices from attaching to our network.
Remediate Vulnerabilities
Chad Carrington is the senior vice president and chief information officer at Golden 1 Credit Union ($19.3B, Sacramento, CA). Carrington has led technology, operational, and security organizations in educational, not-for-profit, and corporate settings for more than 20 years. He joined Golden 1 in April 2008 and became its chief information officer in March 2014.
What’s keeping you up at night from a cybersecurity and fraud perspective?
Chad Carrington: Within the cybersecurity space, we continue to see criminal activity getting faster and more sophisticated with AI and other technologies. The rapid attack methods and morphing techniques keep us on the edge of our seats as we work to combat the relentless cybersecurity attacks within our industry. Additionally, defending against fraud continues to be a challenge. Our top priority is keeping our members safe and secure while delivering exceptional service.
What’s on the horizon for 2025?
CC: We are always monitoring increasing threats related to ransomware and third-or-fourth-party risks. We continue to diligently address cybersecurity threats, but across the industry, we regularly see threat actors capitalize on security weaknesses.
We must continue to keep a close eye on vendor-related risks, introduce strong contractual terms, and validate their controls through comprehensive vendor management practices. For ransomware threats, we must continue to educate our employees and members — and test our education efforts — patch, patch, patch, and remediate vulnerabilities.
We will also see organized crime use industry regulations to perpetrate fraudulent activities. We will continue to work closely with industry peers, regulatory agencies, and law enforcement to focus on addressing these increasing threats to our critical financial infrastructure.
Weigh AI Opportunity Against Risk
Charles Beierle is the senior vice president and chief information officer at Randolph-Brooks Federal Credit Union ($17.6B, Live Oak, TX). Beierle joined RBFCU in 2021 with more than 20 years of experience in IT. He frequently participates in speaking engagements to develop the next generation of professionals.
What’s keeping you up at night from a cybersecurity and fraud perspective?
Charles Beierle: An incident of fraud will erode brand trust, so we must be proactive and keep our members aware of the consequences and impacts of not being vigilant and spotting fraud techniques. The reality of the situation is that your opponent only has to be correct — or lucky — once to bring you down, causing a severe impact on the organization and the membership.
In these high-stake roles, it’s also important to take time away from work to be effective in your position. We stress these points and hope we do it in a way that leaves a lasting impression on our members and our employees.
What’s on the horizon for 2025?
CB: We will be sorting through AI to weigh opportunity against risk, the same as the industry did when the cloud was the hot new technology. Cyber resources will be challenged with many of the same threats they confronted in recent years but likely at a scale and adaptability never encountered. Security leaders will need to remain focused on priorities to combat these threats and steadfast in requiring demonstrable capabilities for this new technology.
Interviews have been edited and condensed.
What Can You Learn From Like-Minded Leaders? Credit unions are responding to the evolving needs of members with a variety of products and services — and they are using expertise from one another to do so. Callahan Roundtables put leaders in the same room to share solutions, solicit feedback, pose questions, and more. Inspiration is a Roundtable away. Learn more today.
